1.6.17
+ * Add --disable-dane option to configure and check availability of the
+ for dane needed X509_check_ca function in openssl.
* Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a
zone to be an NSEC3 (or its RRSIG) covering an empty non terminal.
-
1.6.16 2012-11-13
* Fix Makefile to build pyldns with BSD make
* Fix typo in exporting b32_* symbols to make pyldns load again
;;
esac
+AC_ARG_ENABLE(dane, AC_HELP_STRING([--disable-dane], [Disable DANE support]))
+case "$enable_dane" in
+ no)
+ AC_SUBST(ldns_build_config_use_dane, 0)
+ ;;
+ *) dnl default
+ if test "x$HAVE_SSL" != "xyes"; then
+ AC_MSG_ERROR([DANE enabled, but no SSL support])
+ fi
+ AC_CHECK_FUNC(X509_check_ca, [], [AC_MSG_ERROR([OpenSSL does not support DANE: please upgrade OpenSSL or rerun with --disable-dane])])
+ AC_DEFINE_UNQUOTED([USE_DANE], [1], [Define this to enable DANE support.])
+ AC_SUBST(ldns_build_config_use_dane, 1)
+ ;;
+esac
+
AC_SUBST(LIBSSL_CPPFLAGS)
AC_SUBST(LIBSSL_LDFLAGS)
AC_SUBST(LIBSSL_LIBS)
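Review bot: The default branch (`*) dnl default`) aborts configure with `DANE enabled, but no SSL support` whenever `HAVE_SSL` is not `yes`, so a build that deliberately leaves SSL out now fails until the user finds `--disable-dane`. Erroring only on an explicit request, e.g. `if test "x$HAVE_SSL" != "xyes" && test "x$enable_dane" = "xyes"; then`, and otherwise substituting `ldns_build_config_use_dane` as 0 with an `AC_MSG_WARN`, would keep the failure visible without breaking existing invocations. If the hard stop is intended, the help string should say that DANE is on by default and requires OpenSSL. The same pattern is repeated in the ECDSA and DANE blocks added further down in this diff. Where `HAVE_SSL` is assigned is outside the visible lines, so it is worth confirming it is always set before this point.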
;;
esac
-AC_ARG_ENABLE(ecdsa, AC_HELP_STRING([--enable-ecdsa], [Enable ECDSA support, experimental]))
+AC_ARG_ENABLE(ecdsa, AC_HELP_STRING([--disable-ecdsa], [Disable ECDSA support]))
case "$enable_ecdsa" in
- yes)
- AC_CHECK_FUNC(ECDSA_sign,,[AC_MSG_ERROR([OpenSSL does not support ECDSA])])
- AC_DEFINE_UNQUOTED([USE_ECDSA], [1], [Define this to enable ECDSA support.])
- AC_WARN([
- *****************************************************************
- *** YOU HAVE ENABLED ECDSA WHICH IS EXPERIMENTAL AT THIS TIME ***
- *** PLEASE DO NOT USE THIS ON THE PUBLIC INTERNET ***
- *****************************************************************])
+ no)
+ ;;
+ *) dnl default
+ if test "x$HAVE_SSL" != "xyes"; then
+ AC_MSG_ERROR([ECDSA enabled, but no SSL support])
+ fi
+ AC_CHECK_FUNC(ECDSA_sign, [], [AC_MSG_ERROR([OpenSSL does not support ECDSA: please upgrade OpenSSL or rerun with --disable-ecdsa])])
+ AC_CHECK_FUNC(SHA384_Init, [], [AC_MSG_ERROR([OpenSSL does not support SHA384: please upgrade OpenSSL or rerun with --disable-ecdsa])])
+ AC_CHECK_DECLS([NID_X9_62_prime256v1, NID_secp384r1], [], [AC_MSG_ERROR([OpenSSL does not support the ECDSA curves: please upgrade OpenSSL or rerun with --disable-ecdsa])], [AC_INCLUDES_DEFAULT
+#include <openssl/evp.h>
+ ])
+ # we now know we have ECDSA and the required curves.
+ AC_DEFINE_UNQUOTED([USE_ECDSA], [1], [Define this to enable ECDSA support.])
+ ;;
+esac
+
+AC_ARG_ENABLE(dane, AC_HELP_STRING([--disable-dane], [Disable DANE support]))
+case "$enable_dane" in
+ no)
;;
- no|*)
+ *) dnl default
+ if test "x$HAVE_SSL" != "xyes"; then
+ AC_MSG_ERROR([DANE enabled, but no SSL support])
+ fi
+ AC_CHECK_FUNC(X509_check_ca, [], [AC_MSG_ERROR([OpenSSL does not support DANE: please upgrade OpenSSL or rerun with --disable-dane])])
+ AC_DEFINE_UNQUOTED([USE_DANE], [1], [Define this to enable DANE support.])
;;
esac
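Review bot: The comment `# we now know we have ECDSA and the required curves.` claims more than the checks establish, because `AC_CHECK_DECLS` only shows that the headers declare `NID_X9_62_prime256v1` and `NID_secp384r1`. As far as I know, those NIDs are declared even by OpenSSL builds that ship with curves removed. Since this change also turns ECDSA from an opt-in experimental feature into the default, I would reword it to `# ECDSA_sign links and the curve NIDs are declared; curve support itself is not probed here.` and confirm that the signing and verification code handles a curve lookup that fails at run time. The empty `no)` branch could carry a short `dnl` comment saying that `USE_ECDSA` is intentionally left undefined.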
#define LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT @ldns_build_config_have_attr_format@
#define LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED @ldns_build_config_have_attr_unused@
#define LDNS_BUILD_CONFIG_HAVE_SOCKLEN_T @ldns_build_config_have_socklen_t@
+#define LDNS_BUILD_CONFIG_USE_DANE @ldns_build_config_use_dane@
/*
* HAVE_STDBOOL_H is not available when distributed as a library, but no build